The Philippine Star
February 14, 2022 | 00:00
MANILA, Philippines – Efforts by the Department of Information and Communications Technology (DICT) to investigate the possibility of a faulty one-time password (OTP) system that could have rendered Land Bank of the Philippines vulnerable to a phishing attack were swept away by the government bank.
The DICT Computer Emergency Response Team (CERT-PH) coordinated with Landbank last January 27 to help investigate the suspected unauthorized withdrawals or debit transactions.
CERT-PH intended to investigate a faulty OTP system that may have enabled the recent phishing of public school teachers’ accounts and unauthorized fund transfers.
However, Landbank had referred the DICT’s investigations on this subject to the Bangko Sentral ng Pilipinas (BSP), to which the public bank had submitted its report.
DICT said Landbank maintained that it had submitted its report to the BSP since the latter is the “CERT sector leader” in the banking sector.
“CERT-PH asked Landbank for any early information if the incident violated the integrity of the system or if there were behaviors related to hacking. The coordination was initiated with the intention of providing immediate technical assistance if needed,” the DICT said.
While this effort cannot be aided by Landbank, DICT said it will continue to support BSP and the Cybercrime Investigation and Coordination Center (CICC) which is investigating suspected faulty OTP systems of banks.
“DICT will continue to coordinate with CICC and BSP to resolve the issue,” he said.
“In light of this problem, the SIM card registration bill can help prevent allegations of hacking, fraud and scams in the future. The SIM card registration law, which requires the registration of the subscriber identity module card, will extend other existing laws such as the Cybercrime Prevention Law and the confidentiality of data to ensure the protection of citizens. The bill now awaits President Duterte’s signature to become law,” the DICT said.